cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-23439,https://securityvulnerability.io/vulnerability/CVE-2022-23439,Host Header Web Cache Poisoning in Fortinet Products,"Multiple Fortinet products build references to external resources from the untrusted HTTP 'Host' header. An attacker who sends crafted requests whose Host header points at a server they control can cause a web cache in front of the device to store responses that reference the malicious host, affecting the integrity and availability of cached content for every user served from that cache. The affected products should be updated.",Fortinet,"FortiTester,FortiOS,FortiMail,FortiSwitch,FortiDDoS-F,FortiProxy,FortiRecorder,FortiNDR,FortiADC,FortiManager,FortiSOAR,FortiVoice,FortiDDoS,FortiWLC,FortiAnalyzer,FortiPortal,FortiAuthenticator",6.1,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,false,,2025-01-22T10:15:00.000Z,0
CVE-2022-27488,https://securityvulnerability.io/vulnerability/CVE-2022-27488,CSRF Vulnerability in Fortinet FortiVoice and Related Products,"A cross-site request forgery vulnerability in multiple Fortinet products, including FortiVoiceEnterprise, FortiSwitch and FortiMail, allows a remote unauthenticated attacker to execute arbitrary commands on the command-line interface by tricking an authenticated administrator into sending crafted GET requests.",Fortinet,"FortiVoice,FortiRecorder,FortiSwitch,FortiNDR,FortiMail",7.5,HIGH,0.000699999975040555,false,,false,false,false,,,false,false,,2023-12-13T07:15:00.000Z,0
CVE-2023-36633,https://securityvulnerability.io/vulnerability/CVE-2023-36633,Improper Authorization in FortiMail Webmail from Fortinet,"An improper authorization vulnerability in FortiMail webmail 7.2.0 through 7.2.2 and versions prior to 7.0.5 allows an authenticated attacker to view and modify the titles of other users' address book folders via crafted HTTP or HTTPS requests.",Fortinet,FortiMail,5.3,MEDIUM,0.0005200000014156103,false,,false,false,false,,,false,false,,2023-11-14T18:15:00.000Z,0
CVE-2023-45582,https://securityvulnerability.io/vulnerability/CVE-2023-45582,Improper Restriction of Authentication Attempts in FortiMail Webmail by Fortinet,"An improper restriction of excessive authentication attempts in FortiMail webmail 7.2.0 through 7.2.4, 7.0.0 through 7.0.6 and versions prior to 6.4.8 allows an unauthenticated attacker to brute-force user credentials against the login endpoint, because repeated failed logins are not adequately throttled or locked out.",Fortinet,FortiMail,5.3,MEDIUM,0.0007600000244565308,false,,false,false,false,,,false,false,,2023-11-14T18:15:00.000Z,0
CVE-2023-36637,https://securityvulnerability.io/vulnerability/CVE-2023-36637,Improper Input Neutralization in FortiMail by Fortinet,"An improper neutralization of input during web page generation in FortiMail 7.2.0 through 7.2.2 and versions prior to 7.0.5 allows an authenticated attacker to inject HTML tags into the FortiMail calendar through certain input fields.",Fortinet,FortiMail,3.4,LOW,0.0005300000193528831,false,,false,false,false,,,false,false,,2023-10-10T17:15:00.000Z,0
CVE-2023-36556,https://securityvulnerability.io/vulnerability/CVE-2023-36556,Incorrect Authorization in FortiMail Webmail by Fortinet,"An incorrect authorization vulnerability in FortiMail webmail allows an authenticated attacker to access other users' accounts on the same web domain via crafted HTTP or HTTPS requests. Affected versions include 7.2.0 through 7.2.2 and versions prior to 6.4.7.",Fortinet,FortiMail,8.6,HIGH,0.0008900000248104334,false,,false,false,false,,,false,false,,2023-10-10T17:15:00.000Z,0
CVE-2022-29056,https://securityvulnerability.io/vulnerability/CVE-2022-29056,Improper Authentication Attempt Restriction in Fortinet FortiMail,"An improper restriction of excessive authentication attempts in FortiMail allows a remote unauthenticated attacker to partially exhaust the server's CPU and memory by sending a large volume of HTTP requests to the login form, degrading service for legitimate users. Affected installations should be updated.",Fortinet,FortiMail,3.5,LOW,0.0014299999456852674,false,,false,false,false,,,false,false,,2023-03-09T14:54:52.009Z,0
CVE-2022-26122,https://securityvulnerability.io/vulnerability/CVE-2022-26122,"Insufficient Data Verification in Fortinet's FortiClient, FortiMail, and FortiOS Products","An insufficient verification of data authenticity vulnerability in the Fortinet AV engine used by FortiClient, FortiMail and FortiOS allows an attacker to bypass antivirus scanning by inserting junk and pad characters into the base64 encoding of a MIME attachment. AV engine versions 6.2.168 and below and 6.4.274 and below are affected.",Fortinet,"Fortinet AV Engine,FortiMail,FortiOS,FortiClient",4.7,MEDIUM,0.0007300000288523734,false,,false,false,false,,,false,false,,2022-11-02T00:00:00.000Z,0
CVE-2022-39945,https://securityvulnerability.io/vulnerability/CVE-2022-39945,Improper Access Control in FortiMail by Fortinet,"An improper access control vulnerability in FortiMail allows an authenticated administrator assigned to one domain to read and modify information belonging to other domains through insecure direct object references (IDOR). Exploitation requires valid admin credentials; affected installations should be patched and domain-admin privileges kept to the minimum required.",Fortinet,FortiMail,5.4,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2022-11-02T00:00:00.000Z,0
CVE-2022-26114,https://securityvulnerability.io/vulnerability/CVE-2022-26114,Cross-Site Scripting Vulnerability in FortiMail by Fortinet,"An improper neutralization of input during web page generation in FortiMail webmail allows an unauthenticated attacker to perform a cross-site scripting attack by sending specially crafted email messages.",Fortinet,FortiMail,5.4,MEDIUM,0.0007699999841861427,false,,false,false,false,,,false,false,,2022-09-06T15:15:12.000Z,0
CVE-2022-22299,https://securityvulnerability.io/vulnerability/CVE-2022-22299,Format String Vulnerability in Fortinet Products,"A format string vulnerability in the command-line interpreter of FortiADC, FortiOS, FortiProxy and FortiMail allows an authenticated user to execute unauthorized code or commands via specially crafted command arguments.",Fortinet,"FortiADC,FortiProxy,FortiMail,FortiOS",7.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-08-05T15:23:52.000Z,0
CVE-2021-32586,https://securityvulnerability.io/vulnerability/CVE-2021-32586,Input Validation Flaw in FortiMail Web Server CGI Facilities,"An improper input validation vulnerability in the CGI facilities of the FortiMail web server allows an unauthenticated attacker to alter the environment of the underlying script interpreter via specially crafted HTTP requests. Fortinet has released updates that address the issue.",Fortinet,FortiMail,7.7,HIGH,0.001769999973475933,false,,false,false,false,,,false,false,,2022-03-01T18:20:10.000Z,0
CVE-2021-36166,https://securityvulnerability.io/vulnerability/CVE-2021-36166,Improper Authentication Vulnerability in FortiMail by Fortinet,"An improper authentication vulnerability in FortiMail prior to 7.0.1 allows a remote attacker to compromise the authentication token of an administrative account by observing certain properties of the system, which may allow unauthorized administrative access. Affected versions should be updated promptly.",Fortinet,FortiMail,9.8,CRITICAL,0.0042500002309679985,false,,false,false,false,,,false,false,,2022-03-01T18:10:10.000Z,0
CVE-2021-43062,https://securityvulnerability.io/vulnerability/CVE-2021-43062,Cross-Site Scripting Vulnerability in Fortinet FortiMail,"An improper neutralization of input during web page generation in FortiMail allows an attacker to perform a cross-site scripting attack via crafted HTTP GET requests to the FortiGuard URI protection service, executing attacker-controlled script in the victim's browser.",Fortinet,FortiMail,6.1,MEDIUM,0.00215999991632998,false,,false,false,false,,,false,false,,2022-02-02T11:08:07.000Z,0
CVE-2020-15933,https://securityvulnerability.io/vulnerability/CVE-2020-15933,Sensitive Information Exposure in Fortinet FortiMail Products,"Fortinet FortiMail 6.0.9 and below, 6.2.4, and 6.4.0 and 6.4.1 disclose software-version information to unauthorized users who inspect client-side resources. Knowing the exact version lets an attacker select version-specific exploits.",Fortinet,FortiMail,5.3,MEDIUM,0.0008399999933317304,false,,false,false,false,,,false,false,,2022-01-05T11:29:04.000Z,0
CVE-2021-26095,https://securityvulnerability.io/vulnerability/CVE-2021-26095,Cryptographic Vulnerabilities in FortiMail by Fortinet,"Weaknesses in the encryption of session cookies in FortiMail 6.4.0 through 6.4.4 and 6.2.0 through 6.2.6 allow a remote attacker in possession of a valid cookie to tamper with, disclose or forge its content, which may lead to privilege escalation.",Fortinet,FortiMail,7.5,HIGH,0.0031399999279528856,false,,false,false,false,,,false,false,,2021-07-20T10:48:06.000Z,0
CVE-2021-24013,https://securityvulnerability.io/vulnerability/CVE-2021-24013,Path Traversal Vulnerabilities in FortiMail Webmail,"Multiple path traversal vulnerabilities in the webmail component of FortiMail prior to 6.4.4 allow an authenticated user to access files outside the intended directories via specially crafted web requests.",Fortinet,FortiMail,8.8,HIGH,0.0009299999801442027,false,,false,false,false,,,false,false,,2021-07-12T13:30:55.000Z,0
CVE-2021-24015,https://securityvulnerability.io/vulnerability/CVE-2021-24015,OS Command Injection Vulnerability in FortiMail by Fortinet,"An OS command injection vulnerability in the administrative interface of FortiMail prior to 6.4.4 allows an authenticated attacker to execute unauthorized commands on the underlying operating system via specially crafted HTTP requests.",Fortinet,FortiMail,7.2,HIGH,0.0016799999866634607,false,,false,false,false,,,false,false,,2021-07-12T13:25:53.000Z,0
CVE-2021-26090,https://securityvulnerability.io/vulnerability/CVE-2021-26090,Memory Exhaustion Vulnerability in FortiMail by Fortinet,"An improper memory management vulnerability in the FortiMail webmail service allows an unauthenticated attacker to exhaust system memory, and thereby deny service, by sending specially crafted login requests. Several versions are affected; users should apply the available patches.",Fortinet,FortiMail,5.3,MEDIUM,0.0017900000093504786,false,,false,false,false,,,false,false,,2021-07-12T12:53:27.000Z,0
CVE-2021-26099,https://securityvulnerability.io/vulnerability/CVE-2021-26099,Cryptographic Flaw in FortiMail's Identity-Based Encryption Service,"A cryptographic weakness in the Identity-Based Encryption (IBE) service of FortiMail prior to 7.0.0 allows an attacker who obtains the encrypted master keys to break their confidentiality by analysing invariant properties of the ciphertext the service produces.",Fortinet,FortiMail,4.4,MEDIUM,0.0006000000284984708,false,,false,false,false,,,false,false,,2021-07-12T09:56:37.000Z,0
CVE-2021-24007,https://securityvulnerability.io/vulnerability/CVE-2021-24007,SQL Injection Vulnerability in FortiMail by Fortinet,"Multiple improper neutralization of special elements used in SQL commands in FortiMail prior to 6.4.4 allow an unauthenticated attacker to execute unauthorized code or commands via specially crafted HTTP requests, exposing the database to data exfiltration and unauthorized access.",Fortinet,FortiMail,9.8,CRITICAL,0.0035600000992417336,false,,false,false,false,,,false,false,,2021-07-09T18:37:57.000Z,0
CVE-2021-22129,https://securityvulnerability.io/vulnerability/CVE-2021-22129,Buffer Overflow Vulnerability in FortiMail Webmail and Administrative Interface,"Multiple incorrect buffer size calculations in the FortiMail webmail and administrative interface prior to 6.4.5 allow an authenticated user with webmail access to execute unauthorized code or commands via specially crafted HTTP requests.",Fortinet,FortiMail,8.8,HIGH,0.0009599999757483602,false,,false,false,false,,,false,false,,2021-07-09T18:26:30.000Z,0
CVE-2021-26100,https://securityvulnerability.io/vulnerability/CVE-2021-26100,Cryptographic Vulnerability in FortiMail by Fortinet,"A cryptographic weakness in the Identity-Based Encryption service of FortiMail allows an attacker who intercepts encrypted messages to tamper with their contents and potentially recover the plaintext, defeating the integrity and confidentiality the service is meant to provide.",Fortinet,FortiMail,5.9,MEDIUM,0.001069999998435378,false,,false,false,false,,,false,false,,2021-07-09T18:23:01.000Z,0
CVE-2021-24020,https://securityvulnerability.io/vulnerability/CVE-2021-24020,Cryptographic Implementation Flaw in FortiMail by Fortinet,"A missing cryptographic step in the hash digest used to sign URLs in FortiMail 6.4.0 through 6.4.4 and 6.2.0 through 6.2.7 allows an unauthenticated attacker to tamper with signed URLs by appending additional data while keeping a signature the server accepts, bypassing signature verification.",Fortinet,FortiMail,7.5,HIGH,0.0030799999367445707,false,,false,false,false,,,false,false,,2021-07-09T18:17:26.000Z,0
CVE-2020-9294,https://securityvulnerability.io/vulnerability/CVE-2020-9294,Improper Authentication Vulnerability in FortiMail and FortiVoice by Fortinet,"An improper authentication vulnerability in FortiMail 5.4.10, 6.0.7 and 6.2.2, and in FortiVoice 6.0.0 and 6.0.1, allows a remote attacker without valid credentials to trigger a password change request through the user interface and thereby gain unauthorized access to the system.",Fortinet,"FortiMail,FortiVoiceEnterprise",9.8,CRITICAL,0.02491999976336956,false,,false,false,false,,,false,false,,2020-04-27T17:15:00.000Z,0
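CVE-2022-26122 in the table above is a decoder differential: the AV engine's base64 handling disagreed with what a mail client accepts, so junk and pad characters hidden in an attachment's encoding let the payload reach the recipient unscanned. The Python below is an added example, not Fortinet's code, and does not reproduce the engine's actual logic. It contrasts a strict decoder that gives up on malformed input with a lenient one that skips unrecognised characters, shows the clean payload being recovered from the obfuscated encoding, and adds a hardened verdict function that decodes as tolerantly as the consumer would. The attachment body, the obfuscation pattern and the SIGNATURE marker are constructed for the example.

```python
"""Strict-vs-lenient base64 decoding as an AV evasion (parser differential).

All sample data below is constructed; SIGNATURE stands in for a real
antivirus signature and the attachment body is a dummy byte string.
"""
import base64
import binascii
import string
from typing import Optional

_B64_ALPHABET = string.ascii_uppercase + string.ascii_lowercase + string.digits + "+/"
_DECODE_TABLE = {c: i for i, c in enumerate(_B64_ALPHABET)}

# Constructed marker the scanner looks for in decoded attachment content.
SIGNATURE = b"MALWARE-TEST-SIGNATURE"


def lenient_b64decode(text: str) -> bytes:
    """Decode the way tolerant mail clients do: drop every character that is
    not in the base64 alphabet (whitespace, misplaced '=' pads, junk) and
    decode the symbols that remain, discarding a trailing partial byte."""
    bits = nbits = 0
    out = bytearray()
    for ch in text:
        val = _DECODE_TABLE.get(ch)
        if val is None:
            continue  # junk, whitespace or stray '=' is simply skipped
        bits = (bits << 6) | val
        nbits += 6
        if nbits >= 8:
            nbits -= 8
            out.append((bits >> nbits) & 0xFF)
            bits &= (1 << nbits) - 1  # keep only the leftover low bits
    return bytes(out)


def strict_b64decode(text: str) -> Optional[bytes]:
    """Decode the way a strict scanner does: any non-alphabet character or
    misplaced padding makes the whole attachment undecodable."""
    try:
        return base64.b64decode(text, validate=True)
    except (binascii.Error, ValueError):
        return None


def obfuscate(encoded: str, junk: str = "!", every: int = 7) -> str:
    """Sprinkle junk and '=' pad characters through clean base64 text. The
    original symbols are untouched and stay in order, so a tolerant decoder
    still recovers exactly the original bytes."""
    pieces = []
    for i, ch in enumerate(encoded):
        pieces.append(ch)
        if i % every == every - 1:
            pieces.append("=" if (i // every) % 2 else junk)
    return "".join(pieces)


def scanner_verdict(encoded: str) -> str:
    """Vulnerable pattern: an attachment the strict decoder cannot parse is
    reported 'undecodable' and, in practice, passed through unscanned."""
    data = strict_b64decode(encoded)
    if data is None:
        return "undecodable"
    return "malicious" if SIGNATURE in data else "clean"


def hardened_scanner_verdict(encoded: str) -> str:
    """Hardened pattern: decode at least as tolerantly as the consumer, and
    only report 'undecodable' when nothing at all can be recovered."""
    data = strict_b64decode(encoded)
    if data is None:
        data = lenient_b64decode(encoded)
        if not data:
            return "undecodable"
    return "malicious" if SIGNATURE in data else "clean"


def demo() -> dict:
    """Run the differential on a constructed attachment and return verdicts."""
    payload = b"MZ" + b"\x00" * 6 + SIGNATURE + b"\x00" * 9  # constructed body
    clean = base64.b64encode(payload).decode()
    evasive = obfuscate(clean)
    return {
        "clean_scanner": scanner_verdict(clean),
        "evasive_scanner": scanner_verdict(evasive),
        "client_recovers_payload": lenient_b64decode(evasive) == payload,
        "evasive_hardened": hardened_scanner_verdict(evasive),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The point to take from the output is that "undecodable" is not a safe verdict: the content filter must either decode the attachment the way the downstream client will, or treat undecodable attachments as suspicious rather than letting them through.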
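CVE-2021-24020 in the table above describes a signature that stays valid when data is appended to the signed URL. That is exactly the behaviour of a bare Merkle-Damgard hash computed over secret||message (a hash length extension attack); the page does not say which construction FortiMail used, so that construction is assumed here purely for illustration. The Python below is an added example, not Fortinet's code: it implements SHA-256 with a resumable chaining state, forges an extended URL given only the original signature and the length of the secret, confirms the naive verifier accepts it, and shows that an HMAC-based signature does not have this property. The secret, parameters and appended string are constructed.

```python
"""Hash length extension against URLs signed as SHA-256(secret || params).

The vulnerable construction is assumed for illustration; the page does not
state the real one. Secret, parameters and appended data are constructed.
"""
import hashlib
import hmac
import struct

_MASK = 0xFFFFFFFF
_H0 = [0x6A09E667, 0xBB67AE85, 0x3C6EF372, 0xA54FF53A,
       0x510E527F, 0x9B05688C, 0x1F83D9AB, 0x5BE0CD19]
_K = [0x428A2F98, 0x71374491, 0xB5C0FBCF, 0xE9B5DBA5, 0x3956C25B, 0x59F111F1, 0x923F82A4, 0xAB1C5ED5,
      0xD807AA98, 0x12835B01, 0x243185BE, 0x550C7DC3, 0x72BE5D74, 0x80DEB1FE, 0x9BDC06A7, 0xC19BF174,
      0xE49B69C1, 0xEFBE4786, 0x0FC19DC6, 0x240CA1CC, 0x2DE92C6F, 0x4A7484AA, 0x5CB0A9DC, 0x76F988DA,
      0x983E5152, 0xA831C66D, 0xB00327C8, 0xBF597FC7, 0xC6E00BF3, 0xD5A79147, 0x06CA6351, 0x14292967,
      0x27B70A85, 0x2E1B2138, 0x4D2C6DFC, 0x53380D13, 0x650A7354, 0x766A0ABB, 0x81C2C92E, 0x92722C85,
      0xA2BFE8A1, 0xA81A664B, 0xC24B8B70, 0xC76C51A3, 0xD192E819, 0xD6990624, 0xF40E3585, 0x106AA070,
      0x19A4C116, 0x1E376C08, 0x2748774C, 0x34B0BCB5, 0x391C0CB3, 0x4ED8AA4A, 0x5B9CCA4F, 0x682E6FF3,
      0x748F82EE, 0x78A5636F, 0x84C87814, 0x8CC70208, 0x90BEFFFA, 0xA4506CEB, 0xBEF9A3F7, 0xC67178F2]


def _rotr(x, n):
    return ((x >> n) | (x << (32 - n))) & _MASK


def _compress(state, block):
    """One SHA-256 compression of a 64-byte block into the 8-word state."""
    w = list(struct.unpack(">16I", block))
    for i in range(16, 64):
        s0 = _rotr(w[i - 15], 7) ^ _rotr(w[i - 15], 18) ^ (w[i - 15] >> 3)
        s1 = _rotr(w[i - 2], 17) ^ _rotr(w[i - 2], 19) ^ (w[i - 2] >> 10)
        w.append((w[i - 16] + s0 + w[i - 7] + s1) & _MASK)
    a, b, c, d, e, f, g, h = state
    for i in range(64):
        t1 = (h + (_rotr(e, 6) ^ _rotr(e, 11) ^ _rotr(e, 25)) + ((e & f) ^ (~e & g)) + _K[i] + w[i]) & _MASK
        t2 = ((_rotr(a, 2) ^ _rotr(a, 13) ^ _rotr(a, 22)) + ((a & b) ^ (a & c) ^ (b & c))) & _MASK
        a, b, c, d, e, f, g, h = (t1 + t2) & _MASK, a, b, c, (d + t1) & _MASK, e, f, g
    return [(x + y) & _MASK for x, y in zip(state, (a, b, c, d, e, f, g, h))]


def sha256_padding(total_len):
    """The padding SHA-256 appends to a message of total_len bytes."""
    return b"\x80" + b"\x00" * ((55 - total_len) % 64) + struct.pack(">Q", total_len * 8)


def sha256_resume(state, data, already_hashed):
    """Continue SHA-256 from a known chaining state as if `already_hashed`
    bytes (a multiple of 64) were consumed, absorb `data`, and finalize.
    With state=_H0 and already_hashed=0 this is plain SHA-256."""
    state = list(state)
    buf = data + sha256_padding(already_hashed + len(data))
    for off in range(0, len(buf), 64):
        state = _compress(state, buf[off:off + 64])
    return b"".join(struct.pack(">I", s) for s in state)


def sign_naive(secret, params):          # vulnerable: H(secret || params)
    return hashlib.sha256(secret + params).hexdigest()


def verify_naive(secret, params, sig_hex):
    return hmac.compare_digest(sign_naive(secret, params), sig_hex)


def forge_extension(params, sig_hex, secret_len, appended):
    """Attacker side: from a signed message, its signature and only the
    LENGTH of the secret, build an extended message with a valid signature."""
    orig_len = secret_len + len(params)
    glue = sha256_padding(orig_len)                 # padding the server hashed implicitly
    state = struct.unpack(">8I", bytes.fromhex(sig_hex))  # digest == internal state
    new_params = params + glue + appended
    new_sig = sha256_resume(state, appended, orig_len + len(glue))
    return new_params, new_sig.hex()


def sign_hmac(secret, params):           # fix: HMAC has no extension property
    return hmac.new(secret, params, hashlib.sha256).hexdigest()


def verify_hmac(secret, params, sig_hex):
    return hmac.compare_digest(sign_hmac(secret, params), sig_hex)


def demo():
    secret = b"s3cr3t-signing-key"                   # constructed; attacker knows only len()
    params = b"user=alice&expires=1700000000"        # constructed signed query string
    sig = sign_naive(secret, params)
    forged_params, forged_sig = forge_extension(params, sig, len(secret), b"&user=admin")
    return {
        "naive_accepts_forgery": verify_naive(secret, forged_params, forged_sig),
        "hmac_rejects_forgery": not verify_hmac(secret, forged_params, forged_sig),
        "resume_is_sha256": sha256_resume(_H0, b"abc", 0) == hashlib.sha256(b"abc").digest(),
    }


if __name__ == "__main__":
    print(demo())
```

In a real URL the glue bytes (0x80, zeros and the bit-length) would be percent-encoded, and the parser's handling of a repeated parameter decides whether the appended value wins. The defence is independent of those details: sign with HMAC, or at minimum verify that the signed input cannot be extended by hashing a length-prefixed or keyed-suffix construction.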